Cybercrime is no longer a high-tech fantasy phenomenon exclusive to science-fiction movies; it’s real and it needs to be dealt with!
Cyber-attacks can cause an incredible amount of damage that extends far and wide with no tangible end. Unlike a broken window that can be fixed, or stolen money that can be recovered in one way or another, stolen data from a malicious hacking can cause an insurmountable list of problems. Since it’s not tangible, the information can be copied and spread around the world at a click of a button.
Data breach victims can suffer lasting psychiatric harm; sometimes never being able to trust anyone with their information for fear of it happening again. With their information out there, they can lose the control of who knows what about them. As an organisation, a cyber-attack that compromises your client database along with personal information cab create an everlasting stain on your reputation; not to mention loss of clients and investors.
Am I at risk?
Yes. Even reading this means you’re assumedly connected to the internet and therefore at risk. Anyone with an internet connection, or has shared any information with the internet or anyone with internet access, is at risk. Even an elderly neighbour who may never have used the internet will have medical records that are probably digitalised in the NHS’ patient database.
Organisations with client databases are often targeted – as even a name and an email address is valuable to a cybercriminal. On the face of it, what is a name and an email? For a cybercriminal, it’s an opening. Coupled with the name and nature of the organisation the information was stolen from, the cybercriminal already has enough information to contact the data breach victim to try and obtain even more information.
For example: consider the organisation as an environmental charity that plants trees in city centres. The cybercriminal could pretend to be the charity or another charity with a similar cause. They could email the victim and say that their last donation didn’t come through and ask for their bank details to ‘confirm’ that payment. Or a less direct approach would be to ‘confirm’ their membership details by requesting a date of birth or address.
With each piece of additional information, the data victim is at a higher and higher risk of harm.
We are all at risk and ignorance won’t do a thing to protect us.
What can I do to prevent a cyberattack?
First of all, assume that you can’t. With the level of cybercrime around us, you cannot ever think your information is impenetrable. As a human being, you likely have a mind boggling amount of information about you and almost all of it is probably recorded somewhere; even if separately and / or in small parts. As an organisation, the information you hold can be protected with advanced security, but it’s still penetrable; it’s just a matter of time and skill.
No one can fully prevent a cyberattack but we can certainly take steps to make it harder for one to occur and we can also mitigate the level of damage and impact caused.
People should be careful with whom they share information with, and organisations need to “up” their security game.